Not all traffic that reaches your WordPress site is legitimate. Bots, scrapers, vulnerability scanners, and human attackers generate a constant stream of malicious requests aimed at probing your site for weaknesses, harvesting content, and finding ways in.
IP blocking and user agent filtering let you stop this traffic at the gate — before it ever touches your WordPress installation, uses your server resources, or triggers your security systems.
How IP Blocking Works
Every device that connects to the internet has an IP address. When you block an IP address, your server refuses all incoming connections from that address before any WordPress code runs. It’s one of the most efficient forms of protection possible — the bad request never even reaches your site.
Trusti Security gives you control over IP blocking with two complementary approaches:
Manual IP Blocking
Add specific IP addresses to your block list manually from the Trusti Security dashboard. This is useful when you’ve identified a persistent attacker, received information about a specific malicious IP, or want to proactively block addresses you know to be problematic. Manually blocked IPs stay blocked until you remove them.
Automatic IP Blocking
When Trusti Security’s brute force protection triggers a lockout, the offending IP is automatically added to the block list for the configured duration. You don’t need to do anything — the system identifies the threat and blocks it. You can configure notifications so you’re aware when this happens.
User Agent Filtering: Blocking Malicious Bots
While IP addresses identify where traffic is coming from, user agent strings identify what is making the request. Browsers, bots, scrapers, and automated tools all send a User-Agent header that identifies them.
Malicious bots often use identifiable user agent patterns — known vulnerability scanners, content scrapers, and exploit frameworks announce themselves in their user agent strings. Trusti Security’s user agent filtering lets you block these patterns before they interact with your site at all. You can block specific user agent strings and use patterns to catch variations.
XML-RPC Protection
WordPress includes an XML-RPC endpoint (/xmlrpc.php) that enables remote publishing and certain plugin integrations. It’s also a well-known attack vector — attackers use it to amplify brute force attempts (one XML-RPC request can test thousands of password combinations) and to launch DDoS attacks using your site as a proxy.
Most modern WordPress sites don’t need XML-RPC at all. Trusti Security’s hardening options let you disable it completely, closing off this attack surface. If you do need it for specific integrations, you can leave it enabled while relying on other protections to limit abuse.
The Combined Effect
IP blocking and user agent filtering work together to reduce the volume of malicious traffic that reaches your WordPress installation. Less malicious traffic means less exposure, cleaner security logs, and lower server load from handling attack requests.
Trusti Security manages all of these from a single, unified interface — with automatic blocking from brute force events, manual control over the block list, detailed logs, and configurable notifications when new threats are detected and blocked.
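The checks described above (permanent manual blocks, expiring automatic lockouts, user agent patterns, and the XML-RPC switch) combined into one request gate, as an added Python example. It is not Trusti Security's code; the policy values, the decide() and evaluate() functions, and the sample requests are constructed for illustration.

```python
import fnmatch
import ipaddress

# Constructed sample policy; values are illustrative, not Trusti Security defaults.
MANUAL_BLOCKS = ["203.0.113.7", "198.51.100.0/24"]  # permanent until removed
AUTO_BLOCKS = {"192.0.2.44": 1_700_000_900}         # IP -> lockout expiry (epoch seconds)
UA_PATTERNS = ["*sqlmap*", "*nikto*", "wpscan*"]    # wildcards catch version variations
XMLRPC_DISABLED = True


def decide(ip, user_agent, path, now):
    """Return (allowed, reason) for one request; IP rules run before header rules."""
    addr = ipaddress.ip_address(ip)
    for entry in MANUAL_BLOCKS:
        # A bare address parses as a single-host network, so CIDR and single IPs share one check.
        if addr in ipaddress.ip_network(entry, strict=False):
            return False, "manual-ip"
    expiry = AUTO_BLOCKS.get(str(addr))
    if expiry is not None and now < expiry:  # lockout lapses once its duration passes
        return False, "auto-ip"
    # The header is client-supplied: this only stops tools that announce themselves.
    ua = (user_agent or "").lower()
    if any(fnmatch.fnmatchcase(ua, pattern) for pattern in UA_PATTERNS):
        return False, "user-agent"
    # Compare the path without its query string so /xmlrpc.php?rsd is also caught.
    clean_path = path.split("?", 1)[0].rstrip("/").lower()
    if XMLRPC_DISABLED and clean_path.endswith("/xmlrpc.php"):
        return False, "xmlrpc"
    return True, "ok"


SAMPLE_REQUESTS = [  # constructed: (ip, user agent, path)
    ("203.0.113.7", "Mozilla/5.0", "/"),
    ("198.51.100.200", "Mozilla/5.0", "/wp-login.php"),
    ("192.0.2.44", "Mozilla/5.0", "/wp-login.php"),
    ("192.0.2.10", "sqlmap/1.7 (https://sqlmap.org)", "/?p=1"),
    ("192.0.2.10", "Mozilla/5.0", "/xmlrpc.php?rsd"),
    ("192.0.2.10", "Mozilla/5.0", "/blog/"),
]


def evaluate(requests, now=1_700_000_000):
    """Return the decision reason for each sample request."""
    return [decide(ip, ua, path, now)[1] for ip, ua, path in requests]


if __name__ == "__main__":
    for request, reason in zip(SAMPLE_REQUESTS, evaluate(SAMPLE_REQUESTS)):
        print(f"{reason:<10} {request}")
```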